Use HTTPS
You can use a secured HTTPS connection either by setting up a reverse proxy or by changing parameters in Squash TM. Henix recommends that you set up a reverse proxy.
Reverse Proxy
If you want to use an HTTPS connection, Henix recommends that you use an Apache HTTPd reverse proxy installed on the server hosting Squash TM. Henix recommends the Apache 2.4 branch, with mod_proxy and mod_rewrite configured to force an HTTPS connection.
Here is an example to adapt:
<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    ServerName myhost.mydomain.com
    ErrorLog ${APACHE_LOG_DIR}/myhost_error.log
    DocumentRoot /var/www
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/myhost_access.log combined
    SSLCertificateFile /etc/ssl/my-certificate-server.crt
    SSLCertificateKeyFile /etc/ssl/private/my-private-key.key
    <IfModule mod_proxy_http.c>
        ProxyPreserveHost On
        ProxyPass /squash http://localhost:8080/squash
        ProxyPassReverse /squash http://localhost:8080/squash
    </IfModule>
</VirtualHost>
If some Squash TM URLs are still in HTTP afterwards (Requirements Workspaces, URLs in APIs or in description fields in Issues), you must force them to be rewritten, as in the example below:
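<IfModule mod_rewrite.c>
    # RewriteLog and RewriteLogLevel no longer exist in Apache 2.4;
    # rewrite tracing is enabled through LogLevel (for example: LogLevel warn rewrite:trace3).
    <IfModule mod_ssl.c>
        # Location requires a URL path; / covers the whole site.
        <Location "/">
            RewriteEngine on
            RewriteCond %{HTTPS} !^on$ [NC]
            RewriteCond %{HTTP_HOST} (^.*)$ [NC]
            RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]
        </Location>
    </IfModule>
</IfModule>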
Info
If a plugin that connects to a tool configured in HTTPS is installed in Squash TM, you must authorize HTTPS connections between the Squash TM server and the third-party tool's server. To do this, save the third-party certificate in the truststore of Squash TM's JVM. To learn more, please visit the page Connect to a third-party tool in HTTPS.
Activate HTTPS in Squash TM without Reverse Proxy
To activate HTTPS directly in Squash TM's embedded Tomcat, you must add the following information to the file conf/squash.tm.cfg.properties:
server.ssl.key-store=<keystore path>
server.ssl.key-store-password=<keystore password>
server.ssl.key-password=<server certificate password>
server.ssl.key-alias=<key alias>
In the file bin/startup.sh, you must set the variable HTTP_PORT as follows:
HTTP_PORT=8443
Focus
Once this parameter is set up, the app only works in HTTPS. In other words, if the user enters http://…, the URL will not be automatically redirected.
Warning
You must create a keystore beforehand. To generate/manipulate a keystore in JKS format (Java KeyStore), you can find Java Keytool commands here.
Connect Squash TM to a PostgreSQL in SSL Mode
For Squash TM to connect in SSL mode to a PostgreSQL database, you must add ?sslmode=require at the end of the DB_URL line in Squash TM's startup file bin/startup. This applies no matter what installation or version you have.
DB_URL="jdbc:postgresql://localhost:5432/squashtm?sslmode=require"
DB_TYPE="postgresql"
DB_USERNAME="squash-tm"
DB_PASSWORD="password"
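The settings from the two sections above (HTTPS without a reverse proxy, and PostgreSQL in SSL mode) can be checked before restarting Squash TM. The script below is an added example, not part of the Squash TM documentation or distribution: the function names, sample file contents and temporary paths are constructed. Its DB_URL messages assume the PostgreSQL JDBC driver's documented defaults, where sslmode=require encrypts the connection without validating the server certificate, while verify-ca and verify-full validate it.

```shell
#!/bin/sh
# Added example (not Squash TM code): lint the two files edited on this page.
# Prints one finding per line; the return status is the number of FAIL findings.

# Print the value of KEY in FILE (last assignment wins, quotes stripped).
prop() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d '"\r'
}

check_squash_tls() {    # usage: check_squash_tls <cfg.properties> <startup file>
    conf=$1; startup=$2; fails=0
    for key in key-store key-store-password key-password key-alias; do
        case $(prop "server.ssl.$key" "$conf") in
            '' | '<'*) echo "FAIL server.ssl.$key is unset or still a placeholder"
                       fails=$((fails + 1)) ;;
        esac
    done
    # The properties file stores the keystore passwords in clear text.
    [ -z "$(find "$conf" -perm -004 2>/dev/null)" ] || echo "WARN $conf is world-readable"
    [ -n "$(prop HTTP_PORT "$startup")" ] || {
        echo "FAIL HTTP_PORT is not set"; fails=$((fails + 1)); }
    # Assumes a PostgreSQL DB_URL, as in the last section of the page.
    case $(prop DB_URL "$startup") in
        *sslmode=verify-full*) echo "OK   DB_URL: encrypted, certificate and host name verified" ;;
        *sslmode=verify-ca*)   echo "OK   DB_URL: encrypted, certificate chain verified" ;;
        *sslmode=require*)     echo "WARN DB_URL: encrypted, but server certificate not validated" ;;
        *)                     echo "FAIL DB_URL: sslmode missing, TLS is not enforced"
                               fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample files (not from a real installation).
demo_dir=$(mktemp -d)
cat > "$demo_dir/squash.tm.cfg.properties" <<'EOF'
server.ssl.key-store=/opt/squash-tm/conf/keystore.jks
server.ssl.key-store-password=<keystore password>
server.ssl.key-password=example-only
server.ssl.key-alias=squash
EOF
chmod 600 "$demo_dir/squash.tm.cfg.properties"
cat > "$demo_dir/startup.sh" <<'EOF'
HTTP_PORT=8443
DB_URL="jdbc:postgresql://localhost:5432/squashtm?sslmode=require"
EOF
check_squash_tls "$demo_dir/squash.tm.cfg.properties" "$demo_dir/startup.sh" || true
```

On the sample files it reports the keystore password that was left as a placeholder and warns about sslmode=require. Moving to verify-ca or verify-full requires that the driver can find the CA certificate that signed the database server's certificate.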